CFReDS 문제풀이

미국국립표준기술연구소(NIST, National Institute of Standards and Technology)에서 제공하는 정보유출사고, 침해사고 관련 시스템 이미지를 분석하고 문제 풀이 방법을 아래와 같이 정리하였다.

Data Leakage Case (정보유출사고)

Hacking Case (침해사고)

1. Data Leakage Case (정보유출사고)

문제 : https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html

1 hash values of image file

2 partition info

3 OS Information

5 computer name

6 all accounts list

7 last logon user

8 last shutdown date/time

9 network interface with IP

10-11 application install/execution logs

12 window event log (system on/off)

13 Web application check

14 artifacts of WEB

15 website access logs

16 kewords using web browser

17 user keywords at the search bar

18 email application check

19 e-mail file location (pst vs ost)

20 e-mail account

22 All about mounted devices, USB, CD-ROM etc

23 artifacts of renamed files

24 network drive

25-26 folder and file opening history

27-28 folder and file opening history

29 artifacts of cloud services on PC

30 cloud storage forensic for Google Drive

31 email account for google drive

32 cd artifacts

33 cd burning time

34 cd (copied files)

35 cd (opened files)

36 DOCX file searching

37 print forensic

38-39 Thumbcache

40-41 sticky notes

42-46 Windows Search Database, windows.edb

47-50 Volume Shadow Copies(VSC)

52 anti-forensic

53-55 USB - File Carving/Recovery & Anti-forensic

56-57 CD - File Carving/Recovery & Anti-Forensic

2. Hacking Case (침해사고)

문제 : https://www.cfreds.nist.gov/Hacking_Case.html

12 Keyword Search in WinHex

13 network card info

14 network settings (IP, MAC)

15 mac address vendor

16 hacking programs

17-18 email account & news server

19 pattern matching using grep

20 outlook express artifacts in WinXP

21-22 mIRC artifacts

23-25 network packet analysis

26 pattern matching using grep (keyword search)

27 yahoo email artifacts

28-30 Recycle Bin in WinXP (INFO2)

31 converting image & analysis at SANS SIFT Workstation

Twitter Facebook LinkedIn

Comments